NVD:CVE-2022-46389
History: Apr 17, 2023 - 10:15 p.m.

CVE-2022-46389

2023-04-17 22:15:07
CWE-79
web.nvd.nist.gov
Tags: cve-2022-46389, remote attacker, javascript

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 42.1%

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.

Affected configurations

Nvd
Node (any of the following matches, combined with OR)
Vendor | Product | Version | Update
servicenow | servicenow | quebec | -
servicenow | servicenow | rome | -
servicenow | servicenow | rome | early_availability
servicenow | servicenow | rome | patch_1
servicenow | servicenow | rome | patch_1_hotfix_1a
servicenow | servicenow | rome | patch_1_hotfix_1b
servicenow | servicenow | rome | patch_10
servicenow | servicenow | rome | patch_2
servicenow | servicenow | rome | patch_3
servicenow | servicenow | rome | patch_4
servicenow | servicenow | rome | patch_4_hotfix_1
servicenow | servicenow | rome | patch_4_hotfix_1a
servicenow | servicenow | rome | patch_4_hotfix_1b
servicenow | servicenow | rome | patch_5
servicenow | servicenow | rome | patch_6
servicenow | servicenow | rome | patch_7
servicenow | servicenow | rome | patch_7a
servicenow | servicenow | rome | patch_7b
servicenow | servicenow | rome | patch_8
servicenow | servicenow | rome | patch_9
servicenow | servicenow | rome | patch_9a
servicenow | servicenow | san_diego | -
servicenow | servicenow | san_diego | patch_1
servicenow | servicenow | san_diego | patch_1_hotfix_1
servicenow | servicenow | san_diego | patch_1_hotfix_1a
servicenow | servicenow | san_diego | patch_1_hotfix_1b
servicenow | servicenow | san_diego | patch_2
servicenow | servicenow | san_diego | patch_3
servicenow | servicenow | san_diego | patch_4
servicenow | servicenow | san_diego | patch_4a
servicenow | servicenow | san_diego | patch_4b
servicenow | servicenow | san_diego | patch_5
servicenow | servicenow | san_diego | patch_6
servicenow | servicenow | san_diego | patch_7
servicenow | servicenow | san_diego | patch_7b
servicenow | servicenow | san_diego | patch_8
servicenow | servicenow | tokyo | -
servicenow | servicenow | tokyo | early_availability
servicenow | servicenow | tokyo | patch_1
servicenow | servicenow | tokyo | patch_1a
servicenow | servicenow | tokyo | patch_1b
servicenow | servicenow | tokyo | patch_2
servicenow | servicenow | tokyo | patch_3
servicenow | servicenow | utah | -
servicenow | servicenow | utah | early_availability
servicenow | servicenow | utah | patch_1
servicenow | servicenow | utah | patch_2

Vendor | Product | Version | CPE
servicenow | servicenow | quebec | cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:early_availability:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*
servicenow | servicenow | rome | cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*